Brian Jackson - Fotolia

Cyber crime reporting crucial, say UK police

UK police are gearing up to make it easier for business to report cyber crime, saying that under-reporting continues to be a challenge

UK police are planning to introduce a bespoke cyber crime reporting facility for business to encourage businesses to contact police when they are targeted in this way.

“It is crucial that businesses report cyber crime to us because every incident is an investigative opportunity,” Rob Jones, director of threat leadership at the UK National Crime Agency (NCA) told Computer Weekly.

“Failure to report creates an unpoliced space and a situation where incident response companies just sweep up the glass, but don’t deal with the underlying issue, which emboldens criminals. As a result, the problem will continue and prevalence, severity and sophistication of attacks will increase.”

While the number of cyber attacks reported to police in the latest report by the Office of National Statistics is just 26,000, police estimate that the number of cyber attacks in the same period was around 976,000, which means that barely 3% of cyber attack are being brought to the attention of police.

“As a result, there is a lack of insight into the totality of the threat and we are unable to provide victims with support, or to help them defend themselves better in the future so that they do not become a victim again, which is the best way of dealing with cyber crime,” said Jones.

The problem of under-reporting is due to a number of reasons, he said, including the fact that many companies fear that reporting cyber crime incidents to the police will result in the police disrupting business operations to carry out an investigation, and the perception that police do not have the capability to deal with cyber crime and are unable to find and take action against cyber criminals operating from outside the UK.

“Cyber attacks are a national security threat and we are meeting that challenge by deploying a whole range of resources, with the number of officers dealing with cyber crime increasing from around 70 to 1,000 in the past seven years,” said Jones.

“UK police response to cyber attacks on businesses has matured. We are better at it, and I would encourage businesses to report because failure to do so is just feeding the problem.

“We are not going to swoop in to seize servers and create even more pain, but will engage in a sophisticated way with the company incident response team, if there is one, and we will do our best to make sure that the company can return to normal business as quickly as possible.”

Experience has shown, said Jones, that investment in digital forensic capabilities can be very helpful in tracking down cyber criminals behind attacks.

“There are complex cases, where despite very sophisticated attempts at anonymisation, we are able to identify real-world actors and bring them to justice. Every contact leaves a trace, even in the digital world,” he said.

“Even if cryptocurrency is used, when the proceeds from cyber crime are drawn in the UK, we pursue those involved. So it is completely untrue that offshore criminals are beyond our reach. It may take time to identify real-world actors, but we are committing to do that.”

In the past year, Jones said the number of arrests in cyber crime cases has increased 65% and the number of convictions has increased by 60%, due in part to collaboration with the UK’s Five Eyes partners that has enabled UK law enforcement to arrest, extradite and prosecute cyber criminals.

Police support

In addition to providing police with investigative leads to bring cyber criminals to justice, another key incentive for businesses to report cyber crime, said Jones, is the fact that UK police forces are now in a position to provide support and help limit further attacks and damage to the business.

“We work very closely with the NCSC [National Cyber Security Centre] and we are able to assist businesses in tackling the impact of the crime. We are engaging more with companies as victims than ever before, and have developed a response that will provide victim care for companies and individuals who are struggling with a cyber incident.”

The national centre for reporting cyber crime remains Action Fraud run by the City of London Police, but work is underway to introduce a dedicated cyber crime reporting facility for businesses in early 2020.

“Action Fraud provides a point of contact for all victims of cyber crime, and while it is still not as good as we would like it to be, it has improved and continues to improve, with better technology and increased staffing, which has enabled increases in cyber crime reporting in the past 18 months,” said Jones.

He added that a bespoke platform for businesses to report cyber crime is scheduled to be introduced within months that will be geared to deal with the increased complexity and urgency typically associated with those cases.

The new platform will be designed to enable police to ask businesses a series of questions to establish the nature of the attack and the nature of the business affected, said chief constable Peter Goodman, cyber crime lead for the National Police Chiefs’ Council (NPCC).

“Based on the type of crime and the size and sector of the organisation affected, the case will be directed either to the NCSC, the NCA or the cyber crime unit in the relevant Rocu [regional organised crime unit] to ensure that businesses hit by cyber crime get the most appropriate response,” he said.

Reporting cyber crime, said Jones, helps police to understand if there is a controlling mind behind higher-volume, low-complexity attacks that sit alongside the higher-complexity, low volume threats.

“We can only achieve that if we get the level of reporting that we need. So as the system improves, we should get a much better understanding of the footprint of cyber criminals in the UK, of how they are cashing out in attacks on the UK, and be able to bring them to justice,” he said.

It is important, said Jones, for the UK to have a system response to both types of threat.

“We can’t allow the volume to flourish and create an unpoliced space where large amounts of criminal activity is taking place, but at the same time we need to tackle the highly capable elite end of the threat, which is largely based overseas,” he said.

Ransomware attacks

To improve police understanding of cyber crime, UK police are also working with the banking industry, because while businesses may not always report financial cyber crime to the police, they do tend to report it to their banks, said NPCC’s Goodman.

“One of the reasons these crimes are not reported is that victims do not necessarily understand that they have been targeted by cyber criminals. They query unexplained debits to their account with the bank and the bank will rectify it, so they think it is just a blip and that is the end of it. But they have actually been a victim of crime.”

Asked about the biggest cyber crime threat to businesses and individuals, Jones said ransomware and other forms of cyber extortion are currently the most popular forms of cyber criminal activity.

“The real challenge, from a policing point of view, is the incentive for victims not to report, but just to pay the ransom, clean up the network and move on. But that encourages more attacks in which criminals typically work out how to exploit vulnerable individuals within organisations to gain entry.”

In the light of this, Jones said he would encourage organisations not to negotiate with and pay criminals, but to report incidents to police as early and as honestly as possible without attributing blame to the IT department or third-party suppliers.

“Early reporting provides early investigative opportunities and an early opportunity to mitigate and deal with the harm caused by the attack,” he said.

The best way to prevent ransomware attacks, said Jones, is for companies to ensure that they are not vulnerable by following best practices on cyber security basics to ensure good cyber hygiene.

“Having good, functional data backups, treating your data as an asset, having appropriate policies around your data, and having incident response available to you, are all simple ways of mitigating the harm from ransomware, which is the most prevalent form of attack we see,” he said.

“By being masters of their own data and being able to ensure business continuity, companies can help reduce the incentive for criminals to carry out these attacks, and disrupting the criminals’ business model is a key element to tackling cyber crime.”

One of the top reasons UK businesses experience an adverse outcome from a cyber attack is that they have failed to cover the basic principles of cyber security.

“Get the basics right, be transparent and reach out to law enforcement. The minute you report to police, you disempower the criminal, and that power balance when you are a victim changes, and you become masters of your own destiny again,” said Jones.

Read more about cyber crime

Read more on Hackers and cybercrime prevention

Data Center
Data Management